Five ways to make cybersecurity resilience more than just a buzzword

COMMENTARY: The word resilience gets tossed around a lot in cybersecurity, but what does it really mean?

In a cybersecurity context, resilience is the ability of an organization to dynamically adapt to unforeseen, adverse circumstances while maintaining critical operations and the capacity to swiftly recover from disruptions.

But here’s the question: How does an organization ensure business resilience before it's tested by events beyond its control?

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Resilience isn’t something that just appears when disaster strikes. It’s built through preparation, adaptation, and planning—through seizing opportunities before they turn into crises. Sustainable cybersecurity embodies this philosophy by creating systems that don’t just survive attacks, but evolve to become stronger with each challenge.

This concept of resilience has taken on a deeply personal meaning for me as I’ve watched my youngest daughter face her own unpredictable challenge: alopecia.

Matilda, just three years old at the time we noticed an issue, started losing patches of her hair. At first, we hoped it was nothing serious. But the hair loss continued. Medical consultations led to a diagnosis—alopecia areata, an autoimmune condition with no cure or guaranteed treatment. And even with that diagnosis, the future remained uncertain. Would it remain patchy? Would it spread? Would it develop into alopecia universalis? We had no answers, only possibilities.

We did what parents do—we tried to shield her, carefully arranging her hair, securing headbands so that she really didn’t notice the worst of it, buying baseball caps, as she slowly lost more hair. At her preschool, her friends didn’t really notice either. Her hair loss happened gradually enough that no one questioned it. And when it reached the point where we had to cut off what little was left, Matilda, at age four, took it in her stride. She wasn't fazed. But by the time she turned five, something shifted. Her sense of self was developing, and she began to recognize her difference. Adults and children did give her a second glance. There were whispers and pointed fingers. She knew she was different to the Disney princesses that she loves to watch on TV.

When she started primary school, she did it without a wig, so that there would be no "secret" for some imagined, heartless kid to "expose." And she remained fiercely Matilda; she embodied resilience in its purest form. And the weekend when she finally got her first wig, her joy was unmistakable. Watching her repeat “I have hair” with wonder in her voice and light in her eyes, I realized just how much she had quietly endured.

But the most profound lesson came after. We went out to celebrate, and within five minutes of arriving at the restaurant, Matilda took off her wig to play with other kids—as herself. And that’s when it hit me:

Resilience isn’t about the layers people build around something to protect it. It’s about the inherent strength within that thing—the core ability to endure and adapt.

So, how does an organization build that resilience in cybersecurity—or anywhere in life?

A sustainable cybersecurity strategy goes beyond addressing immediate threats and focuses on building a long-term, resilient architecture. It emphasizes the importance of a security framework that’s not only reactive to current risks, but adaptable to future challenges. Sustainable cybersecurity means creating a balance between handling immediate threats and building a long-term security framework that adapts and evolves, keeping an organization’s defenses strong and future-proof. Here are some basic tenets to follow:

Execute: Turn strategy into action.

A truly actionable cybersecurity strategy doesn’t sit on a slide deck—it lives in the day-to-day operations, strengthening defenses to tackle not only the problems we know about, but also the unknowns waiting in the wings. Start by getting the fundamentals right: regular threat modeling, a focus on high-impact vulnerabilities, and, crucially, security policies that stay as agile as the attackers. And don’t just talk about cybersecurity with the security team: make it part of the organization’s DNA. Employees need to be tuned in, trained, and prepared, so security isn’t a burden—it’s embedded in every role. This transforms cybersecurity from a series of reactions into a resilient, continuously reinforced approach that meets today’s needs, and prepares the business to stay one step ahead.

Anticipate: Make intelligence the company’s edge.

It’s not possible to have resilience without understanding what the company is up against. Just like we needed to understand what Matilda’s diagnosis meant for her future, organizations need to understand their “health”—not just the assets they own, but also the specific threats that target them. Combining asset, risk, and threat intelligence offers the insight needed to prioritize defenses and respond before attackers can exploit vulnerabilities. What do I need to protect? How is it vulnerable? How might hackers abuse it? A well-defined threat model lets organizations anticipate security incidents and prepare defenses proactively, shifting the role of cybersecurity from gatekeepers to enablers of informed risk navigation.

Act: Automate for agility and speed.

Defenses need to move at the speed of attacks, not just at the speed of human reaction. Automation represents the backbone of sustainable cybersecurity—taking over repetitive tasks, identifying anomalies, and responding to threats in real time. By automating the basics across the infrastructure, we’re freeing up our analysts to focus on what really matters: proactive improvements and strategic defenses, instead of getting stuck in the endless cycle of alerts. Automation shifts cybersecurity from a “red alert” mode to a controlled, agile process that gives the business more than a fighting chance.

Fortify: Build true resilience from the ground up.

Resilience requires more than just piling up security layers; it starts with making each critical asset inherently stronger. While strategies like zero-trust, network segmentation, and redundancy create robust, layered defenses that limit attacker footholds and contain potential damage, they may ultimately rely on the strength of the underlying systems they protect. Building true resilience means hardening the foundation itself—because if the core is weak, even the best security won’t hold up. By reinforcing critical systems and layering strong defenses, we’re creating a security stance that’s built to adapt and endure, not just survive the next attack.

Sustain: Learn, adapt, and grow stronger.

The final piece of a sustainable cybersecurity strategy revolves around continuity and constant improvement. An adaptive defense isn’t just one that responds; it learns, evolves, and minimizes human input with automation where possible. Self-sustaining defenses must incorporate adaptive policies that adjust to real-time contexts, self-healing mechanisms for fast recovery from disruptions, and learning loops that use each incident as a chance to improve. By empowering end users and embedding security throughout the organization, this framework reduces dependence on cybersecurity teams and fosters a culture where security becomes everyone’s responsibility, making the organization less dependent on a few individuals and more equipped to handle threats collectively.

Resilience isn’t a destination; it’s a way of thinking. It’s about making every challenge an opportunity to improve. Sustainable cybersecurity means we stop dreading the unknown and start looking at each incident as a stepping stone towards a stronger, more adaptable future. Just as Matilda’s journey taught me, real resilience doesn’t lie in the layers we build up around something to protect it—it’s in the core strength and adaptability we build within it.

In cybersecurity, and in life, every setback presents an opportunity to innovate, prepare, and grow. Sustainable cybersecurity doesn’t just defend against today’s risks; it prepares us to thrive amidst tomorrow’s uncertainties. When we let go of panic mode, embrace adaptability, and foster a culture of resilience, we give ourselves the power to face the unknown, and we do it with confidence.

Rik Ferguson, vice president, security intelligence, Forescout

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.